[squid-users] Need help to solve problem with Squid 3.5.26 SSL Bump setting & iptables rules
Eliezer Croitoru
eliezer at ngtech.co.il
Tue Aug 1 12:17:09 UTC 2017
Hey,
The iptables rules don't make any sense:
IPTABLES SETTING
# Generated by iptables-save v1.4.7 on Mon Jul 31 05:43:29 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8330155:414444635]
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130
-A INPUT -j DROP
COMMIT
# Completed on Mon Jul 31 05:43:29 2017
There is no PREROUTING in the filter table...
Take a peek at:
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect#iptables_configuration
and also I suggest you use intercept ports such as:
13128 (for http, port 80)
13129 (for https, port 443)
And not port 3130.
Let me know if it helps with something.
Eliezer
----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Arsalan Hussain
Sent: Tuesday, August 1, 2017 12:45
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Need help to solve problem with Squid 3.5.26 SSL Bump setting & iptables rules
Dear all,
I have configured Squid 3.5.26 SSL bump on CentOS 6.2 to share internet and delay pools to control bandwidth (my configuration files attached).
Here is the problem I am facing; I do not understand the issue.
1- Clients who send requests with the proxy setting are working fine with this directive: http_port 3128
- Delay pools are working fine, and internet browsing for all clients using the proxy is working.
2- When transparent proxy clients send HTTP requests via iptables ... REDIRECT.
http_port 3129 intercept
OR
When transparent proxy clients send HTTPS requests via iptables ... REDIRECT.
https_port 3130 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.pem
I observed the problem in both cases: when a client sends a request through iptables, the Squid service fails. When I stop iptables and start Squid, it starts working.
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130
3- My objective in setting up Squid:
* Internet sharing to clients configured with the proxy setting.
* Internet sharing to transparent proxy clients (those requests directed to the server from ip route 0.0.0.0 0.0.0.0 Proxy-IP from the CISCO network for HTTP and HTTPS requests without configuring the proxy setting (coming from wireless)).
* Delay pools for both HTTP and HTTPS browsing for proxy and transparent clients.
Kindly, if somebody could help me fix my problems and share any setting which works. I added the SSL bump certificate because the service was crashing again and again without any reason after a few days, or sometimes on the same day.
--
With Regards,
Arsalan Hussain
If you don't fight for what you want, don't cry for what you lose.
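
Added example, not part of the original thread: a small Python check for the mistake the reply points out (REDIRECT rules appended to PREROUTING inside the filter table), run over an excerpt of the quoted ruleset. The names lint, BUILTIN, NAT_ONLY_TARGETS and the FIXED_NAT sample (which uses the ports suggested in the reply) are assumptions of this example.

```python
import shlex

# Built-in chains of the filter and nat tables (iptables(8)); other chains come from ":NAME" lines.
BUILTIN = {"filter": {"INPUT", "FORWARD", "OUTPUT"},
           "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"}}
NAT_ONLY_TARGETS = {"REDIRECT", "DNAT", "SNAT", "MASQUERADE"}

def lint(dump):
    """Return [(line_no, [reasons])] for rules that sit in the wrong table."""
    findings, table, declared = [], None, set()
    for no, line in enumerate(dump.strip().splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):        # table header, e.g. "*filter"
            table, declared = line[1:], set()
        elif line.startswith(":"):      # chain declaration, e.g. ":INPUT ACCEPT [0:0]"
            declared.add(line[1:].split()[0])
        elif line.startswith("-A "):
            args = shlex.split(line)
            chain, reasons = args[1], []
            target = args[args.index("-j") + 1] if "-j" in args else None
            if chain not in declared | BUILTIN.get(table, set()):
                reasons.append(f"chain {chain} does not exist in table {table}")
            if target in NAT_ONLY_TARGETS and table != "nat":
                reasons.append(f"target {target} is only valid in table nat")
            if reasons:
                findings.append((no, reasons))
    return findings

# Excerpt of the filter table quoted in the thread (some lines omitted).
THREAD_DUMP = """
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130
-A INPUT -j DROP
COMMIT
"""
# Constructed sample: the same redirects placed in a nat section instead.
FIXED_NAT = """
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 13128
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 13129
COMMIT
"""

if __name__ == "__main__":
    print(lint(THREAD_DUMP), lint(FIXED_NAT))
```

Line numbers in the findings count lines within the sample string, not within the original iptables-save file.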